<?php

require_once(dirname(__FILE__) . '/../config.php');
require_once(APPLICATION_ROOT . "/db.php");
include(APPLICATION_ROOT . "/items.php");

// Sanitize the inputs.
$notifyURL = filter_input(INPUT_POST, 'notify_url', FILTER_SANITIZE_URL);
$returnURL = filter_input(INPUT_POST, 'return', FILTER_SANITIZE_URL);
$remote_addr = filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_SANITIZE_URL);


// Convert cart POST variables to a usable array.
$itemsdata['notify_url'] = $notifyURL;
$itemsdata['return'] = $returnURL;

$i=1;
while (filter_input(INPUT_POST, 'item_name_' . $i, FILTER_SANITIZE_STRING]) {
	$items[$i-1]['name'] = mysql_escape_string(filter_input(INPUT_POST, 'item_name_' . $i, FILTER_SANITIZE_STRING)));
	$items[$i-1]['price'] = mysql_escape_string(filter_input(INPUT_POST, 'amount_' . $i, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
	$items[$i-1]['quantity'] = mysql_escape_string(filter_input(INPUT_POST, 'quantity_' . $i, FILTER_SANITIZE_NUMBER_INT));
	$items[$i-1]['format'] = mysql_escape_string(filter_input(INPUT_POST, 'os0_' . $i, FILTER_SANITIZE_STRING));
	$items[$i-1]['id'] = mysql_escape_string(filter_input(INPUT_POST, 'item_number_' . $i, FILTER_SANITIZE_NUMBER_INT));
	$items[$i-1]['currency'] = mysql_escape_string(filter_input(INPUT_POST, 'currency_code', FILTER_SANITIZE_STRING));
	$items[$i-1]['type'] = $products[$items[$i-1]['id']]['type'];
	$i++;
}

// Write items to the database.

$i = 0;
$txn_id = "";
$buyer_id = "";
foreach($items as $item) {

	$sql = 'INSERT INTO ' . BSDDS_PURCHASE_TABLE . ' (itemID, name, type, price, currency, quantity, format, buyer, buyer_id, email, transaction_time, time, status, txn_id, transactionID) ' .
	       'VALUES (' . $item['id'] . ', "' . $item['name'] . '", "' . $item['type'] . '", "' . $item['price'] . '", "'.$item['currency'] .'", "' . $item['quantity'] . '", "' . $item['format'] . '", "' . $remote_addr . '", "' . $buyer_id . '", "", NOW(), NOW(), "Pending", "' . $txn_id . '", NULL);';

	$query = mysql_query($sql) or die(mysql_error());

	if ($i == 0) {
		$insert_id = mysql_insert_id();
		$txn_id = strtoupper(md5($insert_id));
		$buyer_id = strtoupper(md5($remote_addr . $insert_id));
		$sql = 'UPDATE ' . BSDDS_PURCHASE_TABLE . ' SET txn_id = "' . $txn_id . '", buyer_id = "'.$buyer_id.'" WHERE transactionID = "'. $insert_id .'" LIMIT 1';
		$query = mysql_query($sql) or die(mysql_error());
	}

	$currency = $item['currency'];
	$amount = $amount + ($item['quantity] * $item['price']);
	$details .= "({$item['quantity']}) {$item['name']}";

	$i++;

}

$details = substr($details, 0, 100);

# PHP Sample Code for creating a 'Pay Now' widget
# To use this sample, replace the values of $accessKey and $secretKey with the values for your account

require_once 'HMAC.php'; #see http://pear.php.net/package/Crypt_HMAC

$accessKey = AMAZON_KEYID;
$secretKey = AMAZON_SECRETKEY;

function getPayNowButtonForm($amount, $description, $referenceId, $immediateReturn, $returnUrl, $abandonUrl) {
	global $accessKey;
	$formHiddenInputs['accessKey'] = $accessKey;
	$formHiddenInputs['amount'] = $amount;
	$formHiddenInputs['description'] = $description;
	if ($referenceId) $formHiddenInputs['referenceId'] = $referenceId;
	if ($immediateReturn) $formHiddenInputs['immediateReturn'] = $immediateReturn;
	if ($returnUrl) $formHiddenInputs['returnUrl'] = $returnUrl;
	if ($abandonUrl) $formHiddenInputs['abandonUrl'] = $abandonUrl;

	ksort($formHiddenInputs);
	$stringToSign = "";

	foreach ($formHiddenInputs as $formHiddenInputName => $formHiddenInputValue) {
		$stringToSign = $stringToSign . $formHiddenInputName . $formHiddenInputValue;
	}

	$formHiddenInputs['signature'] = getSignature($stringToSign, $secretKey);

	$form = "<form action=\"".AMAZON_PAYMENTS_URL."/pba/paypipeline\" method=\"post\" name=\"amazonbutton\">\n";
	foreach ($formHiddenInputs as $formHiddenInputName => $formHiddenInputValue) {
		$form = $form . "<input type=\"hidden\" name=\"$formHiddenInputName\" value=\"$formHiddenInputValue\" />\n";
	}
	$form = $form . "</form>\n";
	return $form;
}

function getSignature($stringToSign) {
	global $secretKey;
	$hmac = new Crypt_HMAC($secretKey,"sha1");
	$binary_hmac = pack("H40", $hmac->hash(trim($stringToSign)));
	return base64_encode($binary_hmac);
}

print <<<HTML
<html>
<head>
</head>
<body onload="document.amazonbutton.submit();"> 
HTML;

echo getPayNowButtonForm("$currency $amount", "$details", "$txn_id", "1", "{$itemsdata['return']}", BSDDS_CANCEL_URL);

PRINT <<<HTML


</body>
</html>
HTML;


?>